Luna HSM Product Security Features

Luna HSM products include a number of features that enhance security and allow you to configure aspects of security to fit your situation.

Some are decided at purchase time (for example, whether your HSM requires Password authentication or PED authentication). Others are determined during setup and configuration (for example, "SO can reset Partition PIN" and "Force user PIN change after set/reset", both of which are HSM policy settings).

Further, certain policy changes in the HSM or in a Partition are destructive, meaning that any current contents are lost when the policy changes. This is considered a necessary security measure because those changes represent a modification of the security level of the HSM.

Another aspect of security is the manner in which different roles are separated: a given user or administrator can perform only a limited set of operations that fit within a defined role. Other roles have other responsibilities that do not overlap. This compartmentalization limits the scope of action of any one person, thus limiting possible damage if the holder of a single role is compromised. Of course, you can give all the passwords or all the PED Keys to just one person, if you like, but that would be a matter for your organization's security policy. If your security policy is silent on the matter, then it should be updated to address your use of HSMs.

The Luna HSM security features are described in the following sections:

"Roles and Users"

"About Capabilities and Policies"

"About MofN"

"Tamper, Secure Transport, and Purple PED Keys"